Interlock Ransomware Gang Exfiltrates Data of Nearly 2.7 Million DaVita Patients
Summary
The Interlock ransomware gang exfiltrated personal and health information of nearly 2.7 million individuals from DaVita, a kidney dialysis firm. The breach occurred between March 24 and April 12, 2025, affecting data from DaVita's dialysis labs database. The compromised data includes names, addresses, dates of birth, social security numbers, health insurance details, and dialysis lab test results. The gang leaked the data on its dark web portal after failed negotiations with DaVita. DaVita serves over 265,400 patients across 3,113 outpatient dialysis centers globally. The company reported revenues of over $12 billion in 2024 and $3.3 billion for the second quarter of 2025. The Department of Health's Office for Civil Rights (OCR) confirmed the breach, initially reporting 2,689,826 affected individuals, but DaVita's internal investigation found the actual number to be 2.4 million.
Timeline
- 22.08.2025 12:38 (1 article): Interlock Ransomware Gang Exfiltrates Data from DaVita
  The Interlock ransomware gang exfiltrated personal and health information of nearly 2.7 million individuals from DaVita between March 24 and April 12, 2025. The gang leaked the data on its dark web portal after failed negotiations with DaVita. DaVita confirmed the legitimacy of the leaked files and is providing resources to affected individuals. The Department of Health's Office for Civil Rights (OCR) initially reported 2,689,826 affected individuals, but DaVita's internal investigation found the actual number to be 2.4 million.
  Source: DaVita says ransomware gang stole data of nearly 2.7 million people (www.bleepingcomputer.com, 22.08.2025 12:38)
Information Snippets
- DaVita operates 3,113 outpatient dialysis centers, with 2,660 in the United States and 453 in 13 other countries.
  First reported: 22.08.2025 12:38 (1 source, 1 article)
  Source: DaVita says ransomware gang stole data of nearly 2.7 million people (www.bleepingcomputer.com, 22.08.2025 12:38)
- The breach occurred between March 24 and April 12, 2025.
  First reported: 22.08.2025 12:38 (1 source, 1 article)
  Source: DaVita says ransomware gang stole data of nearly 2.7 million people (www.bleepingcomputer.com, 22.08.2025 12:38)
- The compromised data includes personal information, health insurance details, and dialysis lab test results.
  First reported: 22.08.2025 12:38 (1 source, 1 article)
  Source: DaVita says ransomware gang stole data of nearly 2.7 million people (www.bleepingcomputer.com, 22.08.2025 12:38)
- The Interlock ransomware gang claimed responsibility for the breach and leaked the data on its dark web portal.
  First reported: 22.08.2025 12:38 (1 source, 1 article)
  Source: DaVita says ransomware gang stole data of nearly 2.7 million people (www.bleepingcomputer.com, 22.08.2025 12:38)
- The gang exfiltrated approximately 1.5 terabytes of data, including sensitive patient records, insurance details, user account information, and financial data.
  First reported: 22.08.2025 12:38 (1 source, 1 article)
  Source: DaVita says ransomware gang stole data of nearly 2.7 million people (www.bleepingcomputer.com, 22.08.2025 12:38)
- DaVita confirmed the legitimacy of the leaked files after discovering that some of them had been stolen from its dialysis labs.
  First reported: 22.08.2025 12:38 (1 source, 1 article)
  Source: DaVita says ransomware gang stole data of nearly 2.7 million people (www.bleepingcomputer.com, 22.08.2025 12:38)
- The Interlock ransomware operation emerged in September 2024 and has targeted multiple industries, including healthcare.
  First reported: 22.08.2025 12:38 (1 source, 1 article)
  Source: DaVita says ransomware gang stole data of nearly 2.7 million people (www.bleepingcomputer.com, 22.08.2025 12:38)
Similar Happenings
UNC6395 Exploits Salesloft OAuth Tokens to Exfiltrate Salesforce Data
UNC6395 exploited Salesloft OAuth tokens to exfiltrate data from Salesforce instances. The campaign, active from August 8 to 18, 2025, targeted over 700 organizations, exporting credentials and sensitive information. Zscaler, Palo Alto Networks, Cloudflare, Google, PagerDuty, Proofpoint, SpyCloud, Tanium, and Workiva were impacted by the breach, exposing customer information. Salesloft and Salesforce have taken remediation steps, and the threat actor demonstrated operational security awareness. The breach involved exporting large volumes of data from Salesforce instances, including AWS access keys, passwords, and Snowflake tokens. The actor deleted query jobs to cover tracks. Salesloft has revoked connections and advised customers to re-authenticate Salesforce integrations. The campaign may indicate a broader supply chain attack strategy. Salesloft has engaged Mandiant and Coalition for investigation and remediation. Drift customers are urged to update API keys for connected integrations. Salesforce removed the Drift application from the Salesforce AppExchange until further notice. Google has revealed that the campaign impacts all integrations, including Google Workspace email accounts, and has taken steps to mitigate the risk. Salesloft is temporarily taking Drift offline to review the application and build additional security measures. Okta successfully prevented a breach of its Salesforce instance by enforcing inbound IP restrictions, securing tokens with DPoP, and using the IPSIE framework. Okta recommends that organizations demand IPSIE integration from application vendors and implement an identity security fabric unified across applications.
Data breach at Auchan exposes personal information of hundreds of thousands of customers
French retailer Auchan has disclosed a data breach affecting hundreds of thousands of customers. The breach exposed personal information associated with loyalty accounts, including names, addresses, email addresses, phone numbers, and loyalty card numbers. No bank data, passwords, or PINs were compromised. The incident has been reported to the French Data Protection Authority (CNIL). The company is advising customers to be vigilant against potential phishing attacks using the stolen information. The breach follows similar incidents involving other large French entities, but no evidence suggests a coordinated campaign. This is the second data breach Auchan has disclosed over the past year.